It's an important distinction when the collateral damage victims go whining to the press.
It reminds everyone that the administrator of the machine receiving the emails has chosen to use that list maintainer's recommendations as possible spam sources, and that they should be blocked.
Without subscribers, all spam source listings are toothless. This isn't some evil government agency blocking your email on the sly. It's sharing of information, and only as good as the maintainer's policies and reputation.
c) There is no direct way to be removed from SPEWS. You cannot contact them. You cannot explain your situation. (My situation is that we happen to have some IP addresses in this country, and have trouble reaching our customers because of it. We don't spam.)
I'll put it quite bluntly.
The reason there's no avenue to "explain your situation" is because none of the rest of us on the internet give two shits about Costa Rica's connectivity. Straight up.
You could launch Costa Rica to the moon, and it would take me 12 years to notice my World Atlas was a little bit lighter.
The lame argument that "we can't force our [national] ISP to be responsible" is total bunk. Consider all our email blocks to be documentation you can use to explain to
RACSA
of why reform is needed. Bad political decisions on your part is not going to make me pay for delivery of more spam.
ORBZ was scanning for open relays.
One of the known exploits for spammers to use open relays also happens to overlap with an old flaw in Lotus Notes, causing it to go into an infinite loop.
Battlecreek got whammied by ORBZ, unintentionally, and filed criminal charges.
We need to stop and think, "Is it really worth it to give up more of our freedom just to get rid of a few emails that you can easily delete without ever having to read them?"
You have all the freedom you want to send email. I just opt not to carry it for you. "The freedom to" implies a right. You have no rights on my, privately-owned, systems.
Also, we need to ask ourselves if we think we can really eliminate this problem anyhow. How are we going to be able to determine exactly what constitutes spam?
It's already been decided. I decided it when I plugged my system into the internet. When I find a DNSbl who's definition of spam closely matches mine, I consider using their recommendations to do my blocking.
The internet is not a public resource your government made for you (the technology is, the system isn't). I own my part. I am God on my part. Don't like it? Find another route for your traffic.
And what happens when some business receives an email from someone requesting information and sends them an email in reply about their products. It could be the case that person forgot they ever requested the info or that someone entirely different submitted the request under a fake name. How can it ever really be proved?
The business better be verifying that email address by sending a unique token to be returned. This is the method of verifying that the requestor owns that email box. Confirmed opt-in. Really now, all this has been established practice for the longest time. Only when there's money involved do people resist learning the ethics behind it. (marketers)
But there is still the issue of trust for those sysadms using the block lists. They presumably trust the list maintainer or they wouldn't be using the list.
This brings us to the core of the argument. If listee can, indeed, take his case to the owner of the blocking system. This is the way it's supposed to work. If the list is truly that badly maintained, then it will be unused in short order.
The blockee often screams unfairness, but doesn't care to look at the big spam picture. What is his block to me (the blocker) when I compare it to the crushing load of spam it's managing to stop? Nothing at all.
But by their anonymity, they make themselves unaccountable to anyone else.
They are accountable only to those who use the list to block. Those users may voice their displeasure by ceasing to use the list. Any other feedback avenue is above-and-beyond the responsibility of the list maintainer. Some might do it, some not. To assume they are accountable to anyone else is misguided.
"hey if he can't run his mail server right, he shouldn't be doing it at all". That's a bad attitude to take, and putting someone on a blacklist without giving him the chance to correct the problem first is just plain wrong. Yet thats what these blacklists do. Only after you take care of the problem are you taken off the blacklist.
Yes. It's called Performance Based judgement. You should try it some time instead of touchy-feely T-Ball games for your kids. (Hint: no one wins or loses, everyone bats every inning. Losing might traumitize the kids!)
IMO, the way it should work, to be fair, is to send a warning email to someone from the company.
We've tried that method. Admins try and hide behind nonstandard email addresses; no abuse@ or postmaster@ addresses, if they even list one at all. The whois databases on IP ownership aren't always trustworthy. It's a damn lot of work, in addition to the time-cost of listing to begin with. Not only is the offending admin using my resources to send his spam, he expects me to waste my valuable time tracking him down, and often teching him his job? No. Pay me.
I should know. I've been in this situation, where my email server was way down on my list of priorities.
We know. The blacklists exist to move this up on your list of priorities.
I was blacklisted without warning or explanation. I had to investigate the whole matter myself, fix the problem, find the people who blacklisted me and go through their procedures to get off the blacklist.
OMG. It's called doing your JOB you lazy puss. They didn't make this work-to-be-done appear out of midair, they merely highlighted it on your list.
As much as you point the finger, as much as you wiggle, as much as you try and shift blame, you didn't do your job, you didn't understand the technology you were dealing with, and you misconfigured the server. This means you get to fix it and deal with the cleanup issues. They're a lot bigger than you originally thought. Maybe hiring someone qualified is in order.
That's fine in the winter, but what happens in the summertime when you don't want warm air from the server room coming in?
But, you do.
This equalizes the heat throughout the house, so the normal house air conditioning can take it away. There's no getting around the fact that he's producing more heat than the normal house does and must pay to get it outside somehow.
As a mail administrator, I don't want to force my opinion on all others whose Email my server handles. So, filtering on the server is out of the question. My procmail will do the RBL check, and sort appropriately. Works great.
You are one of the reasons the spam fight is going so slowly. People like you are the ones that I don't want to share a server with because I'm having to pay not only for the spam you read, but the spam you don't read.
It seems like a really nice feature for an email client would be something like the ICQ feature that auto-ignores people that aren't on your list.
It's called "whitelisting". "Blacklisting" is keeping a list from places that you don't want to receive information from.
By the time the email reaches your email a client, the spammer/thief has already cost you money. The fact that you punch Delete, or whether your filter punches Delete for you, is absolutely meaningless. You're paying for all that spam out there. Do you realize how _cheap_ net access could get if we weren't subsidizing these thieves' advertising?
As someone who is neither a puritan nor a libertarian, the law just looks like a reasonable attempt to bring internet providers into the same playing field as brick and mortar on this issue. If you oppose all those original laws, just say so. But don't try to make this out as some evil and nefarious new thing.
That is exactly the point, yes. Who is to say that those original brick and mortar laws were acceptable to begin with? I think a taste of real freedom on the net has prompted many meatspace laws to be called into question. Not unrealistic.
The listing was removed because MAPS received a commitment from Macromedia to secure their all new subscriptions to their mailing lists and to clean their existing lists via secure opt-in. We had two nominations for Macromedia; both nominators contacted Macromedia and asked them to secure their lists. In neither case did the nominator receive a satisfactory response to their requests.
Our investigator attempted to contact Macromedia as well, and his calls were not returned. When several calls went unanswered, he
recommended the listing.
I think you should provide us with a link to the nomination that caused the listing, and then let us decide if it was fair or not; instead of just stating "it was listed."
You confirmed that the listing was present here...
... and I confirmed the IP numbers' presence on the RBL Thursday during the day.
A snapshot of the nomination would only be appropriate. Failing that, I would say that you don't really want our informed opinions, but a kneejerk anti-censorship reaction.
The amount of work involved in switching is a non-argument. While the rest of us might be willing to help providers fix their spam problem, and sympathize with the amount of work that would be required in switching providers, ultimately, it's not our responsibility.
It is your responsibility to do your research and know what kind of scumbags you're dealing with before signing a contract with them. Any costs associated with breaking that contract are yours to bear.
We have contracts with our providers. You have contracts with your provider. The two providers have no contract and are working through mutual agreement. This can be cut off, and is, if one side doesn't behave. --
I do agree with what you're saying... for a end-user ISP. But, if you are a backbone provider (as above.net is) and you are dropping packets that are passing across your backbone -- not from your direct customers, not to your direct customers you are WRONG.
You seem to be under the mental impression that a backbone's obligations and responsibilities are different from an ISP's. I disagree.
Neither are they common carriers. I don't want them to be and I think they don't want to be either.
"It looks like a phone company. It acts like a phone company. It must be a phone company."
Bull****!
--
Slashdot Mirror
It's an important distinction when the collateral damage victims go whining to the press.
It reminds everyone that the administrator of the machine receiving the emails has chosen to use that list maintainer's recommendations as possible spam sources, and that they should be blocked.
Without subscribers, all spam source listings are toothless. This isn't some evil government agency blocking your email on the sly. It's sharing of information, and only as good as the maintainer's policies and reputation.
c) There is no direct way to be removed from SPEWS. You cannot contact them. You cannot explain your situation. (My situation is that we happen to have some IP addresses in this country, and have trouble reaching our customers because of it. We don't spam.)
I'll put it quite bluntly.
The reason there's no avenue to "explain your situation" is because none of the rest of us on the internet give two shits about Costa Rica's connectivity. Straight up.
You could launch Costa Rica to the moon, and it would take me 12 years to notice my World Atlas was a little bit lighter.
The lame argument that "we can't force our [national] ISP to be responsible" is total bunk. Consider all our email blocks to be documentation you can use to explain to RACSA of why reform is needed. Bad political decisions on your part is not going to make me pay for delivery of more spam.
Where's a Starbucks when you damn well need one?!
They can have all of ours!
ORBZ was scanning for open relays.
One of the known exploits for spammers to use open relays also happens to overlap with an old flaw in Lotus Notes, causing it to go into an infinite loop.
Battlecreek got whammied by ORBZ, unintentionally, and filed criminal charges.
You are required to register on Slashdot to post, so what's wrong with registering on Newyork times to read?
We need to stop and think, "Is it really worth it to give up more of our freedom just to get rid of a few emails that you can easily delete without ever having to read them?"
You have all the freedom you want to send email. I just opt not to carry it for you. "The freedom to" implies a right. You have no rights on my, privately-owned, systems.
Also, we need to ask ourselves if we think we can really eliminate this problem anyhow. How are we going to be able to determine exactly what constitutes spam?
It's already been decided. I decided it when I plugged my system into the internet. When I find a DNSbl who's definition of spam closely matches mine, I consider using their recommendations to do my blocking.
The internet is not a public resource your government made for you (the technology is, the system isn't). I own my part. I am God on my part. Don't like it? Find another route for your traffic.
And what happens when some business receives an email from someone requesting information and sends them an email in reply about their products. It could be the case that person forgot they ever requested the info or that someone entirely different submitted the request under a fake name. How can it ever really be proved?
The business better be verifying that email address by sending a unique token to be returned. This is the method of verifying that the requestor owns that email box. Confirmed opt-in. Really now, all this has been established practice for the longest time. Only when there's money involved do people resist learning the ethics behind it. (marketers)
But there is still the issue of trust for those sysadms using the block lists. They presumably trust the list maintainer or they wouldn't be using the list.
This brings us to the core of the argument. If listee can, indeed, take his case to the owner of the blocking system. This is the way it's supposed to work. If the list is truly that badly maintained, then it will be unused in short order.
The blockee often screams unfairness, but doesn't care to look at the big spam picture. What is his block to me (the blocker) when I compare it to the crushing load of spam it's managing to stop? Nothing at all.
But by their anonymity, they make themselves unaccountable to anyone else.
They are accountable only to those who use the list to block. Those users may voice their displeasure by ceasing to use the list. Any other feedback avenue is above-and-beyond the responsibility of the list maintainer. Some might do it, some not. To assume they are accountable to anyone else is misguided.
Why not require everyone that sends mail to you to use pgp?
Aside from being onerous to the sender.
Why not make everyone who writes me put "FRED" in the subject line? Same effect. Solves nothing.
The eternal problem with content filters is that you're paying for delivery, whether your read it or not. IP blacklists stop the delivery entirely.
"hey if he can't run his mail server right, he shouldn't be doing it at all". That's a bad attitude to take, and putting someone on a blacklist without giving him the chance to correct the problem first is just plain wrong. Yet thats what these blacklists do. Only after you take care of the problem are you taken off the blacklist.
Yes. It's called Performance Based judgement. You should try it some time instead of touchy-feely T-Ball games for your kids. (Hint: no one wins or loses, everyone bats every inning. Losing might traumitize the kids!)
IMO, the way it should work, to be fair, is to send a warning email to someone from the company.
We've tried that method. Admins try and hide behind nonstandard email addresses; no abuse@ or postmaster@ addresses, if they even list one at all. The whois databases on IP ownership aren't always trustworthy. It's a damn lot of work, in addition to the time-cost of listing to begin with. Not only is the offending admin using my resources to send his spam, he expects me to waste my valuable time tracking him down, and often teching him his job? No. Pay me.
I should know. I've been in this situation, where my email server was way down on my list of priorities.
We know. The blacklists exist to move this up on your list of priorities.
I was blacklisted without warning or explanation. I had to investigate the whole matter myself, fix the problem, find the people who blacklisted me and go through their procedures to get off the blacklist.
OMG. It's called doing your JOB you lazy puss. They didn't make this work-to-be-done appear out of midair, they merely highlighted it on your list.
As much as you point the finger, as much as you wiggle, as much as you try and shift blame, you didn't do your job, you didn't understand the technology you were dealing with, and you misconfigured the server. This means you get to fix it and deal with the cleanup issues. They're a lot bigger than you originally thought. Maybe hiring someone qualified is in order.
4) Users can continue to pay for the delivery of their spam.
You think it's that people don't want to see spam? No. It's that they don't want to receive it. Procmail fixes nothing.
But he wasn't sending out spam, his server wasn't configured correctly. It's not his problem any more, he fixed the problem.
His problems don't necessarily end the instant he fixes the configuration. The cleanup efforts are part of the disincentive to misconfigure another.
And, it clearly is still his problem. "Our" end is fixed. The spam is stopped.
I hate to tell you this, but no one has patents on formulae. Do you think Newton patented his laws of motion?
So glad to hear it. I'll be happy to tell that to Rivest, Shamir, and Adleman for you.I disagree.
A 3 hour quiz is quite simply no replacement for 4 years of learning how to learn. No matter how you twist it.
That's fine in the winter, but what happens in the summertime when you don't want warm air from the server room coming in?
But, you do.
This equalizes the heat throughout the house, so the normal house air conditioning can take it away. There's no getting around the fact that he's producing more heat than the normal house does and must pay to get it outside somehow.
As a mail administrator, I don't want to force my opinion on all others whose Email my server handles. So, filtering on the server is out of the question. My procmail will do the RBL check, and sort appropriately. Works great.
You are one of the reasons the spam fight is going so slowly. People like you are the ones that I don't want to share a server with because I'm having to pay not only for the spam you read, but the spam you don't read.
It seems like a really nice feature for an email client would be something like the ICQ feature that auto-ignores people that aren't on your list.
It's called "whitelisting". "Blacklisting" is keeping a list from places that you don't want to receive information from.
By the time the email reaches your email a client, the spammer/thief has already cost you money. The fact that you punch Delete, or whether your filter punches Delete for you, is absolutely meaningless. You're paying for all that spam out there. Do you realize how _cheap_ net access could get if we weren't subsidizing these thieves' advertising?
Does Bakula have anything in his contract about "no blue backlight special effects permitted?"
As someone who is neither a puritan nor a libertarian, the law just looks like a reasonable attempt to bring internet providers into the same playing field as brick and mortar on this issue. If you oppose all those original laws, just say so. But don't try to make this out as some evil and nefarious new thing.
That is exactly the point, yes. Who is to say that those original brick and mortar laws were acceptable to begin with? I think a taste of real freedom on the net has prompted many meatspace laws to be called into question. Not unrealistic.
--
Do your homework first.
Taken from SPAM-L:
The listing was removed because MAPS received a commitment from Macromedia to secure their all new subscriptions to their mailing lists and to clean their existing lists via secure opt-in. We had two nominations for Macromedia; both nominators contacted Macromedia and asked them to secure their lists. In neither case did the nominator receive a satisfactory response to their requests.
Our investigator attempted to contact Macromedia as well, and his calls were not returned. When several calls went unanswered, he recommended the listing.
--
What do you think?
I think you should provide us with a link to the nomination that caused the listing, and then let us decide if it was fair or not; instead of just stating "it was listed."
You confirmed that the listing was present here...
A snapshot of the nomination would only be appropriate. Failing that, I would say that you don't really want our informed opinions, but a kneejerk anti-censorship reaction.
--
The world's fastest way to crash your webserver.
Take a document, scan it into a 130kb GIF file, then post a link to it on Slashdot.
--
The amount of work involved in switching is a non-argument. While the rest of us might be willing to help providers fix their spam problem, and sympathize with the amount of work that would be required in switching providers, ultimately, it's not our responsibility.
It is your responsibility to do your research and know what kind of scumbags you're dealing with before signing a contract with them. Any costs associated with breaking that contract are yours to bear.
We have contracts with our providers. You have contracts with your provider. The two providers have no contract and are working through mutual agreement. This can be cut off, and is, if one side doesn't behave.
--
Bull.
They're just preventing you from selling it at SpiffEmCars. You're free to take your car elsewhere to sell it.--
I do agree with what you're saying... for a end-user ISP. But, if you are a backbone provider (as above.net is) and you are dropping packets that are passing across your backbone -- not from your direct customers, not to your direct customers you are WRONG. You seem to be under the mental impression that a backbone's obligations and responsibilities are different from an ISP's. I disagree. Neither are they common carriers. I don't want them to be and I think they don't want to be either.
"It looks like a phone company. It acts like a phone company. It must be a phone company."
Bull****!
--